Packet Ninjas: How to fight the DDoS threat

Regarding DDoS attacks, one security researcher says, "There is no security, there is only time." Is this perspective the key to better defense and mitigation?

Distributed Denial of Service (DDoS) is one of the more successful bad-guy attacks, as exemplified in the following Digital Attack Map—note the increase since the first of September.

There’s precious little that quells this type of attack. The most successful avenue has been diverting as much attack traffic as possible while attempting to find the attackers and shut them down. There’s a catch though; pulling this off requires way-above-average expertise in computer forensics.

During my recent trip to Birmingham, I visited the headquarters for Regions Financial Corporation, and during lunch Michele Cantley, Region’s CISO, explained how her team worked through a serious DDoS attack with the help of Daniel Clemens—one of those scary-smart experts—and his aptly named company: Packet Ninjas.

What is Packet Ninjas?

If you visit the Packet Ninja website, there’s page after page describing the many services Clemens and his team provide. Simply put, Packet Ninjas will help companies proactively seek out weaknesses before problems arise. They also assist companies minimize damage while under attack, and determine the how and why of an attack after it has been terminated.

That said, there are several companies offering similar services so I asked Clemens what made Packet Ninjas unique in this market?

I think what makes Packet Ninjas unique is our exposure to the different problems we have encountered all around the world, as well as how we solve problems. We are dealing with people who think outside the box and use unconventional methods, meaning current approaches such as compliance audits, are ineffective, so we do not use them.

Something else to consider: everyone will talk a big game about being “secure,” but I can tell you nine times out of ten they will say, “Oh we had a SAS 70” done—which is completely irrelevant when I the hacker want to find a hole, and exploit it.

The big picture

Clemens wasn’t kidding when he said, “around the world.” He candidly relived a rather harrowing experience in Latin America, and he was headed to the Middle East right after our talk. Those kinds of experiences have provided him with a unique perspective. I asked Clemens if he would share some of his insight with us.

"I think the hardest thing to articulate is that IT security has changed; what was considered IT security in the past is not what it is today. It’s more than that: it’s about geopolitics, profits and loss, customer trust, swatting people’s homes, or in extreme cases: death (which we have seen happen in a few outliers).

"Our physical world is fast becoming littered with digital fingerprints. And, since humans are inherently flawed; our digital fingerprints introduce vulnerabilities not only into code, but into society as well."

There is no security

Next, I asked Clemens if he could elaborate on what has changed in IT security.

"There really is no security, there is only time. By that, I mean the length of time we have to detect and hopefully prevent attacks before we’re 'owned.' We also need to challenge our own assumptions about IT security, even assumptions on who we think our adversaries are? Finally, we need to keep trying different lenses, in order to gauge risk adequately."

An example

Remember when Clemens mentioned, “swatting someone’s home?” Well, that happened to a friend of mine, Brian Krebs. If you don’t recognize the name, Brian is an award-winning journalist who regularly exposes serious Internet criminals.

Last March, Brian evidently irritated someone knowledgeable enough in digital foul play to DDoS his blog site. If that wasn’t enough, Brian also became a victim of Swatting, where the Fairfax County Police came to his home, knocking on the front door with guns drawn. Thankfully, after a few minutes, the police realized it was a hoax.

Brian contracted Daniel and Packet Ninjas to help figure out who was behind all of this. I’ll let Brian explain the details.

"Daniel was quite helpful in the initial analysis of the leaked SQL tables for the DDoS-for-hire service that was used to attack my site. He helped identify the account used to launch the attack on both my site and Ars Technica’s site. He also was instrumental in locating most—if not all—the social identities of a person associated with the kids who instigated the DDoS attack and Swatting incident."

Final thoughts

The attacks on Brian did not require in-depth hacking skills. The Internet is littered with DDoS applications and “how to” guides. But, as I mentioned earlier, it takes seriously smart people to counter sophisticated malicious attacks. It’s good to know Daniel and the crew at Packet Ninjas are there to help.